Question : How to set vyatta to block all traffic destined for a network other than ours

Hi Team,

I am new to Vyatta and I am trying to construct a set of firewall rules that basically says: block all traffic destined to a network other than ours. In this case the local subnet is 10.10.10.0 and I want all traffic behind Vyatta to go through our network (same side as eth0) but not exit from eth0 to any other destination.

 set firewall name eth0out rule 10 action drop
 set firewall name eth0out rule 10 protocol tcp
 set firewall name eth0out rule 10 destination address !10.10.10.0/24
 set interfaces eth0 firewall out name eth0out

Line #3 is what I am having difficulty with. The ! doesn't seem to work. Can someone just guide me on the proper syntax?

Thanks and regards

Answer : How to set vyatta to block all traffic destined for a network other than ours

You should allow traffic to your network and drop all other traffic, in two rules. Actually, drop is the default policy, so the second rule (rule 20) is not necessary.
set firewall name eth0out rule 10 action accept
set firewall name eth0out rule 10 destination address 10.10.10.0/24
set firewall name eth0out rule 20 action drop
set interfaces eth0 firewall out name eth0out
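
To see why rule 20 is redundant and why the accept rule has to come first, here is a small added example (not part of the original answer and not Vyatta code). It is a simplified Python model that assumes rules are checked in ascending rule number, the first match decides, and unmatched packets get the default drop the answer mentions. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Simplified model (assumption): rules are checked in ascending rule number,
# the first match decides, and unmatched packets get the default drop.
DEFAULT_ACTION = "drop"

def evaluate(rules, dst):
    """Return the action a rule set applies to a packet destined for dst."""
    addr = ipaddress.ip_address(dst)
    for number in sorted(rules):
        rule = rules[number]
        net = rule.get("destination")  # None means "match any destination"
        if net is None or addr in ipaddress.ip_network(net):
            return rule["action"]
    return DEFAULT_ACTION

# The answer's rule set, with and without the explicit rule 20.
with_rule_20 = {
    10: {"action": "accept", "destination": "10.10.10.0/24"},
    20: {"action": "drop"},
}
without_rule_20 = {10: with_rule_20[10]}

# Hypothetical mistake: a catch-all drop numbered below the accept rule.
misordered = {
    5: {"action": "drop"},
    10: {"action": "accept", "destination": "10.10.10.0/24"},
}

# Constructed sample destinations: two inside the local subnet, three outside.
SAMPLES = ["10.10.10.1", "10.10.10.254", "10.10.11.1", "192.0.2.7", "198.51.100.9"]

def verdicts(rules):
    """Map each sample destination to the action the rule set gives it."""
    return {dst: evaluate(rules, dst) for dst in SAMPLES}

if __name__ == "__main__":
    for dst in SAMPLES:
        print(f"{dst:15} with-20={evaluate(with_rule_20, dst):6} "
              f"without-20={evaluate(without_rule_20, dst):6} "
              f"misordered={evaluate(misordered, dst)}")
```
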